Sanford Whiteman wrote:
Unlike... um, anyone on this list, it seems... I know firsthand what
SEC and NASD think of homegrown "compliance" solutions.
That's why you pay someone else to do it and insist that they slap on a
fancy name like "Perfect Super Uber E-mail Compliance Archive System".
But seriously, the baseline test is whether or not it works, and no one
should invest in something that doesn't meet regulations.
I do have some experience with the feds, and I did work for a
multi-billion dollar corporation where my immediate boss was in charge
of E-mail for the entire company, and we were always being sued by
someone. That was pre-SOX though, but we all knew it was coming and
that it mostly just clarified retention policies by better defining what
was classified as a covered communication. I also have a good friend
deals with bank audits on a regular basis as well as SOX compliance.
When audited, they will always point a list of things out, and they can
find fault with anything that they choose to find fault with. The real
trick is ensuring that you aren't grossly negligent.
Also note that congress didn't even specify retention periods within SOX
or methods of retention, this was all inferred after the fact by
combining aspects of various laws and regulations, and they certainly
didn't endorse a particular product for providing a solution.
With all of that said, I believe that what one does should be compatible
with the dynamics of one's business. For a single location entity with
less than 200 employees, clearly a less robust solution could manage the
task, and it could be home grown. Those that have many more employees
and multiple locations would likely find a commercial solution more
beneficial overall. There are even situations with multi-national
companies where it is pretty much impossible to be in compliance with
every regulation that applies to them. For instance, some countries
require removing certain records for privacy, while others require
retaining all such records for oversight and legal reasons.
Matt
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
